Free Antivirus Forum - Learn about antivirus, firewalls and personal security
 HomeLog InRegisterCommunity CalendarSearch the ForumView The Member ListHelp
Possible rootkit or is it Bullguard's own files or processes?
   
BullGuard Antivirus Forum > Bullguard zone > BullGuard Customers > Possible rootkit or is it Bullguard's own files or processes?  
Forum Quick Jump
 
New Topic Post reply to : Possible rootkit or is it Bullguard's own files or processes? Printable version of : Possible rootkit or is it Bullguard's own files or processes?
[ << Previous Thread | Next Thread >> ]

121 in Huttoft
New Member


Date Joined Mar 2013
Total Posts : 2
  		   Posted 3/8/2013 8:26 PM (GMT +3)    Quote: Possible rootkit or is it Bullguard's own files or processes?Alert an admin about: Possible rootkit or is it Bullguard's own files or processes?
I have tell-tale signs that I may have a rootkit installed. No regular AV or similar programs pick-up on it (including BG). However have just d/loaded and run GMER (anti-rootkit freeware) and it identifies stuff as follows:
 
Copy & Paste:
 
GMER 2.1.19155 - http://www.gmer.net
Rootkit quick scan 2013-03-08 17:21:41
Windows 6.2.9200  \Device\Harddisk0\DR0 -> \Device\0000002e Hitachi_ rev.ST2O 298.09GB
Running: d2mlm8t7.exe; Driver: C:\Users\John\AppData\Local\Temp\pwldypob.sys

---- Disk sectors - GMER 2.1 ----
Disk            \Device\Harddisk0\DR0      unknown MBR code
---- Devices - GMER 2.1 ----
AttachedDevice  \FileSystem\fastfat \Fat   fltmgr.sys
AttachedDevice  \Driver\tdx \Device\Ip     NSNetmon.sys
AttachedDevice  \Driver\tdx \Device\Tcp    NSNetmon.sys
AttachedDevice  \Driver\tdx \Device\Udp    NSNetmon.sys
AttachedDevice  \Driver\tdx \Device\RawIp  NSNetmon.sys
---- EOF - GMER 2.1 ----
There is a suggestion (from my various Googles) that NSNetmon.sys may be Bullguard-related - but I do not know how to interpret the findings of GNER (sounds like Great North Eastern Railway to me). Anyone with any ideas to assist please?

121 in Huttoft

Back to Top
 

Robert Mateescu
Forum Moderator




Date Joined Sep 2011
Total Posts : 211
  		   Posted 3/8/2013 10:13 PM (GMT +3)    Quote: Possible rootkit or is it Bullguard's own files or processes?Alert an admin about: Possible rootkit or is it Bullguard's own files or processes?
Hi there,


NSNetmon.sys is part of the BullGuard Behavioral engine, which was developed in collaboration with NovaShield.

Best wishes!

Robert Mateescu
Senior Support Technician EN
support@bullguard.com
www.bullguard.com

Download the Free Trial version of BullGuard Internet Security 12

You have a BullGuard related problem? Contact our Support team directly: www.bullguard.com/support.aspx!

Back to Top
 

121 in Huttoft
New Member


Date Joined Mar 2013
Total Posts : 2
  		   Posted 3/8/2013 10:21 PM (GMT +3)    Quote: Possible rootkit or is it Bullguard's own files or processes?Alert an admin about: Possible rootkit or is it Bullguard's own files or processes?
Thanks Robert

I assumed as much.

Post closed.

121 in Huttoft

Back to Top
 
New Topic Post reply to : Possible rootkit or is it Bullguard's own files or processes? Printable version of : Possible rootkit or is it Bullguard's own files or processes?
 
Forum Information
Currently it is Monday, May 20, 2013 11:20 AM (GMT +3)
There are a total of 59,519 posts in 13,140 threads.
In the last 3 days there were 3 new threads and 4 reply posts. View Active Threads
Who's Online
This forum has 34611 registered members. Please welcome our newest member, caspied.
21 Guest(s), 0 Registered Member(s) are currently online.  Details
5 Latest Threads
How to secure online transaction? (2)5/20/2013 6:31:15 AM (Sentropi)
Bullguard online drive back up URL for Syncovery? (0)5/19/2013 9:49:08 PM (LogoLogics)
The NovaShield behavior analysis techniques (1)5/19/2013 2:38:49 PM (Nedim)
Uninstalling Bullguard 2013 (1)5/17/2013 7:45:09 PM (Robert Mateescu)


Need Support? Write to: | Forum Help Manual

Download free trial version of Bullguard Internet Security